Due to an increase in attempted hackings of Sonoma State University’s websites and accounts, the Duo Mobile service was employed in the Spring semester of 2022 as multi-factor authentication for students and staff. But is there something this service can offer that would make it more convenient to use?
The Duo Mobile app works in a rather tedious but successful way. Much like the design of the SSU’s student portal, it gets annoying to navigate through it. When logging in to canvas and other websites with your school email, it will ask you if you’d like to use a push notification or enter a code generated by the app to log in; you are logging in twice to make sure it’s you.
SSU’s website has a page titled “Multi-factor Authentication (MFA) for Students” in which it walks the reader through the ins and outs of how the app works and what users will see and do in making use of the Duo Mobile service.
This includes a section about unexpected push notifications, which is described as “an indicator that someone has your password” and is trying to log in to your account. Once the user denies the request, it will prevent you from logging in for 24 hours, or if it is a weekend it can last until Monday, some instances require contacting IT. What if you needed to use canvas to do homework or take tests within that time? How would you be able to log in if Duo Mobile is preventing you from doing so?
MFA has many benefits, as does Two-Factor Authentication (2FA), which you may have heard, but Duo Services uses multi-layered security here. Who doesn’t want more security for their passwords and online information? MFA protects users from hackers, guarding their personal and financial details, and preventing anyone else but the user from accessing it. With the increase in hacking that has occurred recently, it’s clear why SSU has employed it as another security measure for its students and staff.
When asked whether they thought the Duo Mobile service was necessary, student Ben Beeman said “People hacking the school servers was a huge issue and now in 2023, tech is more vulnerable than ever. I think it is worth it just to have another little bit of security.” Beeman then goes on, “in situations where you need to access something quickly, it can be a pain.” He also noted that there are multiple SSU pages that require a Duo login, adding to the frustration. This a very common complaint amongst students.
Another issue worthy of mentioning is how little time it takes before you have to re-login on multiple devices. Sophomore Connor Trujillo mentioned that he would prefer that time be doubled to 24 hours, adding that it’s also irksome to log in through each device every 12 hours.
On top of all this, what if a student or staff member’s phone dies? Or if they don’t have their phone at all? There is no option to do it through email so users wouldn’t be able to access it on other devices without their phones.
There are many services that offer 2FA and MFA services for educational institutions, among those Duo Security is often ranked high up. According to G2.com, a very popular and widely trusted software marketplace, Duo Security ranked third behind Google and Microsoft Authenticators. However, amongst SSU students it seems to be an annoying and inconvenient process.